
Commit c8592a4

feat: Add attributes to the trusted identity datasource (#118)
1 parent 1f11570 commit c8592a4


2 files changed

+25
-1
lines changed


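--- a/sysdig/data_source_sysdig_secure_trusted_cloud_identity.go
+++ b/sysdig/data_source_sysdig_secure_trusted_cloud_identity.go
@@ -2,8 +2,10 @@ package sysdig
 
 import (
 "context"
+"strings"
 "time"
 
+"github.com/aws/aws-sdk-go/aws/arn"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -29,6 +31,14 @@ func dataSourceSysdigSecureTrustedCloudIdentity() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+"aws_account_id": {
+Type: schema.TypeString,
+Computed: true,
+},
+"aws_role_name": {
+Type: schema.TypeString,
+Computed: true,
+},
 },
 }
 }
@@ -48,5 +58,15 @@ func dataSourceSysdigSecureTrustedCloudIdentityRead(ctx context.Context, d *sche
 d.SetId(identity)
 d.Set("identity", identity)
 
+// If identity is an ARN, attempt to extract certain fields
+parsedArn, err := arn.Parse(identity)
+if err == nil {
+d.Set("aws_account_id", parsedArn.AccountID)
+
+if parsedArn.Service == "iam" && strings.HasPrefix(parsedArn.Resource, "role/") {
+d.Set("aws_role_name", strings.TrimPrefix(parsedArn.Resource, "role/"))
+}
+}
+
 return nil
 }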
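Review bot: In the `role/` branch of the last hunk, `strings.TrimPrefix(parsedArn.Resource, "role/")` keeps any IAM path, so an ARN of the form `role/some/path/Name` would yield `some/path/Name` in `aws_role_name` rather than the bare role name the docs describe. If this value is used when writing or checking a trust relationship, that mismatch is easy to miss. Either take the last segment, `res := parsedArn.Resource; d.Set("aws_role_name", res[strings.LastIndex(res, "/")+1:])`, or document that the path is included. The new `d.Set` calls also discard their return values; checking them and returning `diag.FromErr(err)` would surface a schema mismatch instead of silently leaving the attribute empty. The read function starts above the hunk, so how `identity` is obtained is not visible here.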

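--- a/website/docs/d/sysdig_secure_trusted_cloud_identity.md
+++ b/website/docs/d/sysdig_secure_trusted_cloud_identity.md
@@ -22,9 +22,13 @@ data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
 
 ## Argument Reference
 
-* `cloud_provider` - (Required) The cloud provider in which the account exists. Currently supported providers are `aws`, `gcp` and `azure`
+* `cloud_provider` - (Required) The cloud provider in which the trusted identity will be used. Currently supported providers are `aws`, `gcp` and `azure`
 
 
 ## Attributes Reference
 
 * `identity` - Sysdig's identity (User/Role/etc) that should be used to create a trust relationship allowing Sysdig access to your cloud account.
+
+* `aws_account_id` - If `identity` is an AWS ARN, this attribute contains the AWS Account ID to which the ARN belongs, otherwise it contains the empty string.
+
+* `aws_role_name` - If `identity` is a AWS IAM Role ARN, this attribute contains the name of the role, otherwise it contains the empty string.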
